I am new to Joomla, but trying to help someone who has 11 offensive links populating on the very bottom of every webpage. When I view the preview on each of the templates loaded (version 1.0 Prostar & version 3.1.0 Beez3), they each show the links. We need to get these off the site asap. One of the links opens a .php file within the journal folder (which I renamed so at least it would not open)...

When I delete the 'debug' position, they just populate in the Footer position...

<a href="http://[offensive link]/6sxmk.php">[offensive act]</a>

Last edited by toivo on Mon Nov 13, 2017 5:23 pm, edited 1 time in total.
Reason:mod note: moved to 3.x Security

You have been hacked and there really is only one sure way to ensure you really have cleaned up your site.

Webdongle wrote:Your database is your site ... first and foremost make a backup of your database.

All the files do is put/get data to/from the database and display the data on the screen.

Cleaning the site is easy ... just delete all the folders/files. Rebuilding the site is easy ... just install a fresh Joomla to a empty database and install 3rd party extensions then edit the configuration.php.

Before you ask what other users ask. No there is no real alternative ... you need to delete all folders/files.

Scan your computer and all computers that have server or Joomla admin access

Change Passwords

Install Joomla (of the same version) to a new database. Install up to date 3rd party extensions (that are not on the VEL) then edit the configuration.php to connect to the original database. Update Joomla if you have and old version

Change your Joomla SU/Admin Passwords and check the users/groups/access levels are correct and not been tampered with. Update your Joomla and run the fpa again

Step #f is simply installing Joomla and 3rd party extensions to an empty database so you get fresh files. Then connect the files to the database that has your data. That gives you your site back. The rest cleans the site and helps keep it secure.

The FPA report also does not provide any clues about other Joomla extensions (including third-party extensions) that may have permitted these "offensive links" to appear on the website.

Quite simply, however, if a website displays "offensive links" then the most likely conclusion is that someone (or something) other than the site owner created these things. It's indicative of site hacking (probably across multiple sites) and, if other sites present with these characteristics, then the site owner's assets across several sites have also been compromised. If other sites also present with non-recommended folder permissions then the site owner should take immediate steps to remediate several sites, not just the one mentioned in this topic.

https://www.kuneze.com/blogFormer member of Kunena project teamIf you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?